find-test-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script (scripts/find-block-content.js) and SKILL.md explicitly fetch and scrape HTML and query-index.json from arbitrary hosts (e.g., live/preview URLs like main--mysite--owner.aem.live or any provided host), so untrusted third‑party page content is ingested and used to decide which URLs/variants to recommend for testing.